Terraform-provider-helm: Unknown Authority error when using statically defined credentials

Created on 12 Jan 2018 · 2 Comments · Source: hashicorp/terraform-provider-helm

I am seeing this error:

helm_chart.api: error installing: Post https://35.192.46.211/apis/extensions/v1beta1/namespaces/kube-system/deployments: x509: certificate signed by unknown authority

This is my configuration:

provider "helm" {
    kubernetes {
        host     = "${module.kubernetes-cluster.host}"
        username = "${module.kubernetes-cluster.username}"
        password = "${module.kubernetes-cluster.password}"

        client_certificate     = "${base64decode(module.kubernetes-cluster.client_certificate)}"
        client_key             = "${base64decode(module.kubernetes-cluster.client_key)}"
        cluster_ca_certificate = "${module.kubernetes-cluster.cluster_certificate_file}"
    }
}

resource "helm_repository" "incubator" {
    name = "incubator"
    url  = "https://kubernetes-charts-incubator.storage.googleapis.com"
}

What am I missing @mcuadros ?

All 2 comments

Looks like you are not decoding the cluster_certificate_file, this is an example using the Helm provider in a similar setup:

provider "helm" {
  kubernetes {
    host                   = "${module.k8s_cluster.endpoint}"
    cluster_ca_certificate = "${module.k8s_cluster.cluster_ca_certificate}"
    client_certificate     = "${module.k8s_cluster.client_certificate}"
    client_key             = "${module.k8s_cluster.client_key}"
  }
}

k8s_cluster modules:

output "cluster_ca_certificate" {
  description = "Public certificate that is the root of trust for the cluster"
  value       = "${base64decode(google_container_cluster.primary.master_auth.0.cluster_ca_certificate)}"
}

output "client_key" {
  description = "Private key used by clients to authenticate to the cluster endpoint"
  value       = "${base64decode(google_container_cluster.primary.master_auth.0.client_key)}"
}

output "client_certificate" {
  description = "Public certificate used by clients to authenticate to the cluster endpoint"
  value       = "${base64decode(google_container_cluster.primary.master_auth.0.client_certificate)}"
}

If it doesn't work, please re-open the issue.
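
A pre-flight check for the mistake described in the comment above, as an added example that is not part of the original thread or the provider's code: it classifies a CA value as PEM, base64-wrapped PEM, or invalid, using Go's standard `crypto/x509` PEM parser. The names `classifyCA`, `hasCert` and `constructedCA` are hypothetical, the certificate is generated at run time as constructed sample input, and it is an assumption that the provider's TLS client parses the CA the same way.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// hasCert is true when data holds at least one parseable PEM certificate.
func hasCert(data []byte) bool { return x509.NewCertPool().AppendCertsFromPEM(data) }

// classifyCA returns "pem" (usable as is), "base64-pem" (needs base64decode
// first, the case in this thread) or "invalid".
func classifyCA(value string) string {
	if hasCert([]byte(value)) {
		return "pem"
	}
	raw, err := base64.StdEncoding.DecodeString(strings.TrimSpace(value))
	if err == nil && hasCert(raw) {
		return "base64-pem"
	}
	return "invalid"
}

// constructedCA builds a throwaway self-signed certificate in PEM form (sample input).
func constructedCA() string {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}))
}

func main() {
	ca := constructedCA()
	fmt.Println(classifyCA(ca), classifyCA(base64.StdEncoding.EncodeToString([]byte(ca))))
}
```

A result of "base64-pem" means the value still needs `base64decode(...)` before it is passed to `cluster_ca_certificate`.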

I fixed it using

gcloud container clusters get-credentials cluster-name